Alerts This Week
Warning Icon 1 1,229
Alerts This Week
Warning Icon 1 1,229

Ubuntu 25.04: PHP Moderate Denial of Service Flaws USN-7648-1

ubuntu
Calendar Grey July 17, 2025
Dist Ubuntu Esm H88
Multiple vulnerabilities in PHP on Ubuntu patched via updates. Potential denial of service threats mitigated successfully.
Several security issues were fixed in PHP.

Summary

Several security issues were fixed in PHP.

Software Description:

- php8.4: HTML-embedded scripting language interpreter

- php8.3: HTML-embedded scripting language interpreter

- php8.1: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled certain hostnames containing

null characters. A remote attacker could possibly use this issue to bypass

certain hostname validation checks. (CVE-2025-1220)

It was discovered that PHP incorrectly handled the pgsql and pdo_pgsql

escaping functions. A remote attacker could possibly use this issue to

cause PHP to crash, resulting in a denial of service. (CVE-2025-1735)

It was discovered that PHP incorrectly handled parsing certain XML data in

SOAP extensions. A remote attacker could possibly use this issue to cause

PHP to crash, resulting in a denial of service. (CVE-2025-6491)

Topics%20covered

Topics Covered

security advisory moderate denial of service php Ubuntu hostname validation

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  libapache2-mod-php8.4           8.4.5-1ubuntu1.1
  php8.4                          8.4.5-1ubuntu1.1
  php8.4-cgi                      8.4.5-1ubuntu1.1
  php8.4-cli                      8.4.5-1ubuntu1.1
  php8.4-fpm                      8.4.5-1ubuntu1.1
  php8.4-pgsql                    8.4.5-1ubuntu1.1

Ubuntu 24.04 LTS
  libapache2-mod-php8.3           8.3.6-0ubuntu0.24.04.5
  php8.3                          8.3.6-0ubuntu0.24.04.5
  php8.3-cgi                      8.3.6-0ubuntu0.24.04.5
  php8.3-cli                      8.3.6-0ubuntu0.24.04.5
  php8.3-fpm                      8.3.6-0ubuntu0.24.04.5
  php8.3-pgsql                    8.3.6-0ubuntu0.24.04.5

Ubuntu 22.04 LTS
  libapache2-mod-php7.4           8.1.2-1ubuntu2.22
  libapache2-mod-php8.0           8.1.2-1ubuntu2.22
  libapache2-mod-php8.1           8.1.2-1ubuntu2.22
  php8.1                          8.1.2-1ubuntu2.22
  php8.1-cgi                      8.1.2-1ubuntu2.22
  php8.1-cli                      8.1.2-1ubuntu2.22
  php8.1-fpm                      8.1.2-1ubuntu2.22
  php8.1-pgsql                    8.1.2-1ubuntu2.22

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7648-1

CVE-2025-1220, CVE-2025-1735, CVE-2025-6491

Ubuntu Security Notice USN-7648-1

Topics%20covered

Topics Covered

security advisory moderate denial of service php Ubuntu hostname validation

Package Information

https://launchpad.net/ubuntu/+source/php8.3/8.3.6-0ubuntu0.24.04.5
https://launchpad.net/ubuntu/+source/php8.1/8.1.2-1ubuntu2.22

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here